faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00055
Percentile:
0.17232
CVSS Scoring
CVSS v3.1 Score: 5.5
Severity: MEDIUM
Mapped CWE(s)
-
CWE-59
: Improper Link Resolution Before File Access ('Link Following')
All CAPEC(s)
-
CAPEC-132: Symlink Attack
-
CAPEC-17: Using Malicious Files
-
CAPEC-35: Leverage Executable Code in Non-Executable Files
-
CAPEC-76: Manipulating Web Input to File System Calls
CAPEC(s) with Mapped TTPs
-
CAPEC-132: Symlink Attack
Mapped TTPs:
-
CAPEC-17: Using Malicious Files
Mapped TTPs:
-
T1574.005
: Executable Installer File Permissions Weakness
-
T1574.010
: Services File Permissions Weakness
-
CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
Mapped ATT&CK TTPs
-
T1547.009
: Shortcut Modification
Kill Chain: persistence
-
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
-
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
-
T1027.006
: HTML Smuggling
Kill Chain: defense-evasion
-
T1027.009
: Embedded Payloads
Kill Chain: defense-evasion
-
T1564.009
: Resource Forking
Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Affected Products
- cpe:2.3:a:mgetty_project:mgetty:*:*:*:*:*:*:*:*
← Back to Home